ABSTRACT

A distributed authentication system that prevents unauthorized access to any computer system (10) in a distributed environment. Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system (10) and encrypted on a coded card (27) together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card (27) must be used whenever requesting access to the system (10). Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges (28) when requesting access. The correct responses (29) may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges (28). This detects piggybacking attempts. Since authentication depends on the correctness of the entire set of responses (29) rather than on the response to a single question, the present invention provides a significant increase in the probability of detecting and preventing unauthorized computer access.
DISTRIBUTED USER AUTHENTICATION PROTOCOL
BACKGROUND 

The present invention relates to authorized user recognition in a distributed computer system and, more particularly, to the use of computer passwords and other computer user recognition protocols.

There is an inherent danger in any computer system where intruders, using normal channels, may access sensitive or classified information for malicious purposes. Unauthorized users can cause many problems for computer systems. They may modify software to cause unwanted events to occur or to benefit themselves. They may access private or classified data, copy proprietary software, etc. While doing all this, they can seriously impact all computer-based operations when their use of computer resources causes deterioration of response times or denial of service for legitimate users. Such access can be accomplished in a number of ways, e.g., the user claims to be someone else, the user diverts the access path to another computer system, the user accesses the system before a legitimate user logs off, and the like.

Access can be gained by persons who observe a legitimate logon session within an open communication network and later masquerade as that legitimate user by using the information seen. Simple, user-selected and often personally related passwords can be "guessed" by intruders or programs written by them. Legitimate sessions may be recorded from the communication network for later playback, or an intruder may "piggyback" a legitimate session by using the system before the user has logged out.

To guard against such attacks, the system must protect itself by authenticating its users. Passwords and authentication responses can also be obtained by collusion or surreptitious means. These are outside the scope of the authentication process. The present invention's effectiveness against that type of attack is limited to the case where only an incomplete set of responses was obtained and thus tests are failed.

The use of passwords to authenticate users is the most prevalent means of controlling access currently in use. In many cases, the users select their own passwords or continue to use the group password. Studies have shown that most users select passwords that are easy to remember, generally personal in nature, and seldom change them. Under these circumstances, they are easy to guess either by a motivated individual or a simple program using a random word generation technique.

Some systems may use an authentication means such as requesting the user to supply a sequence of names, etc. in conjunction with a password. This makes entry more difficult but is still vulnerable if the logon procedure is observed and the response identified, or if the expected response is easy to guess. Neither the authentication mechanism nor the password scheme provides the protection against piggybacking, the use of a system before a legitimate user logs off, that is embedded in the present invention.

Accordingly, there is a need for a foolproof means of recognizing and authenticating an authorized user in a computer system.

SUMMARY OF THE INVENTION 
In accordance with these and other objectives and features of the present invention, there is provided a distributed authentication system that prevents unauthorized access to any computer system in a distributed environment. Restriction of access is a major step in preventing destructive modification of software or data, improper release of sensitive/classified information, and misuse of computer system resources. One unique feature of the present invention is the use of multiple, randomly selected authentication or challenge mechanisms and a wide variety of correct answers. "Correct" answers may include right, wrong, or no responses. Since authentication depends on the correctness of the entire set of responses rather than on the response to a single question, the present invention provides a significant increase in the probability of detecting and preventing unauthorized computer access.

Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system and encrypted on a coded card together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card must be used whenever requesting access to the system.

Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges when requesting access. The correct responses may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges. This detects piggybacking attempts.

The authentication invention described herein performs these functions in a distributed as well as a centralized environment. It employs pairs of authentication boxes, coded cards, passwords and a selection of challenges. Distributing responsibility for authentication between the user node and the computer system permits a user to access different computer systems from a single user node. The only restriction is that the user must possess one or more coded cards generated by the computer(s) to be accessed. The challenges used are selected at random for each authentication session. Responses to the challenges can also be varied. At one time, a true response may be expected. At another, no answer or a false answer may be the correct response. The pattern of these responses can be varied by basing their selection on a parameter such as day of the week, if desired. Access is granted based on reception of correct responses to the entire set of challenges. Users are required to remember their password and the valid pattern of response to gain access to the system. Care must be taken that the response patterns are easy enough to remember so that users will not be tempted to record them in an unsafe location.

BRIEF DESCRIPTION OF THE DRAWINGS 

The various features and advantages of the present invention may be more readily understood with reference to the following detailed description taken in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:

FIG. 1 is a block diagram of a simplified computer system employing the principles of the present invention; and

FIG. 2 is a diagram of a second embodiment of the distributed computer system employing the principles of the present invention.

DETAILED DESCRIPTION 

Referring to the drawings, FIG. 1 is a block diagram of a simplified exemplary arrangement of physically separated computer installations electrically interconnected to form a distributed computer system 10. The distributed computer system 10 comprises a first terminal 11 and a second terminal 12 interconnected by a communication link 13. The first and second terminals 11, 12 are physically separated, and may be on different continents, or in different rooms of the same building. The communication link 13 may comprise wires or coaxial cables, a microwave link, or a path by way of a communication satellite or communication network. The first terminal 11 comprises a computer 14 connected to a card reader 15, a data entry keyboard 16 and a readout device 17. Similarly, the second terminal 12 comprises a computer 20 connected to a card reader 21, a data entry keyboard 22 and a readout device 23. The computers 14, 20 may be any conventional unit such as an IBM, Macintosh or any mainframe. The card readers 15, 21 may be a box with a card slot and a magnetic reader inside, an optical reader for reading a bar code printed on the card, or any other suitable card reading arrangement. The data entry keyboards 16, 22 may be a keypad, a conventional computer keyboard, or the like. The readout devices 17, 23 may be a liquid crystal display, a cathode ray tube monitor or a hard copy printer.

In operation, a user 26 approaches the first terminal 11 and presents a coded card 27 to the card reader 15. The card reader 15 reads the code on the card 27. The computer 14 verifies the authenticity of the card 27 by checking the code against authentication data stored in card 27. If authentic, the computer 14 requests a password by way of the readout device 17. The user 26 enters the password by way of the data entry keyboard 16. The computer 14 compares the password with a password stored on the coded card 27. If not authentic, communications are terminated.

If the password is authentic, the computer 14 at the first terminal 11 initiates communications with the computer 20 at the second terminal 12. After a handshaking and authentication protocol has been completed, the computers 14, 20 have authenticated each other, and a trusted path now exists between them.

The computer 20 at the second terminal 12 now proceeds to present a set of challenges 28 via the readout device 17 at the first terminal 11. The user 26 responds to the challenges 28 via the data entry keyboard 16 at the first terminal 11. The computer 20 at the second terminal 12 compares the pattern of responses 29 given with a stored pattern of responses 29 agreed upon ahead of time. It is a feature of the present invention that the correct pattern of responses 29 includes some "incorrect answers" given on purpose. For a set of five challenges 28, it may be agreed upon ahead of time that three of the responses 29 will be correct, and that two of the responses 29 will be incorrect. The set of challenges 28 and the pattern of responses 29 are deliberately made easy to avoid the need for writing them down as a memory aid. The key is in the agreed upon pattern of responses 29: for example, seven out of ten correct, whether any seven or a particular seven. The pattern of responses 29 can vary from day to day or from morning to afternoon. The pattern of responses 29 can be different for each user. When there are two or more distant terminals to be accessed, the recognition pattern of responses 29 can be different as one user accesses different terminals.
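As an added illustration that is not part of the patent text, the following Python models how computer 20 could score a set of responses 29 against an agreed pattern that changes with the day of the week. The challenge bank, the two pattern forms (a particular per-slot pattern of right, wrong and no responses, and "any k correct" with the rest wrong), the weekday/weekend rule and all function names are assumptions of the example; the patent says only that the pattern may depend on a parameter such as the day of the week.

```python
"""Pattern-of-responses check for the FIG. 1 logon (added example, not the
patent's own code).  The challenge bank, the per-user patterns and the
weekday/weekend rule are constructed for illustration."""
import hmac
import random
from datetime import date

# Constructed challenge bank (question -> true answer) held by computer 20.
CHALLENGES = {
    "colour of your first car": "blue",
    "street you grew up on": "elm",
    "name of your first pet": "rex",
    "city of your first job": "leeds",
    "your favourite number": "7",
    "make of your first bicycle": "raleigh",
}

# Per-slot expectation: T = true answer, F = a deliberately wrong answer,
# N = no response.  Two agreed forms from the text: a particular pattern
# ("positions") or "any k correct" with the rest wrong ("count").
USER_PATTERNS = {
    "user26": {"weekday": ("positions", "TFTNT"),
               "weekend": ("count", 3)},
}


def select_challenges(rng: random.Random, n: int = 5) -> list:
    """Pick n distinct challenges at random for this logon session."""
    return rng.sample(sorted(CHALLENGES), n)


def classify(question: str, answer: str) -> str:
    """Reduce one response to T, F or N; the compare is constant time."""
    if answer.strip() == "":
        return "N"
    truth = CHALLENGES[question].lower().encode()
    given = answer.strip().lower().encode()
    return "T" if hmac.compare_digest(truth, given) else "F"


def expected_pattern(user: str, when: date):
    """Assumed rule: one pattern Monday to Friday, another at the weekend."""
    slot = "weekday" if when.weekday() < 5 else "weekend"
    return USER_PATTERNS[user][slot]


def matches_pattern(observed: str, pattern) -> bool:
    kind, value = pattern
    if kind == "positions":
        # Every slot must agree, including the ones that must be wrong or blank.
        return len(observed) == len(value) and hmac.compare_digest(
            observed.encode(), value.encode())
    if kind == "count":
        # "Any k correct": exactly k true answers, the rest wrong, no blanks.
        return observed.count("T") == value and "N" not in observed
    raise ValueError(f"unknown pattern kind {kind!r}")


def authenticate(user: str, questions: list, answers: list, when: date) -> bool:
    """Grant access only if the entire set of responses fits the pattern in
    force on that day.  Every challenge is scored before deciding, so a
    failure does not reveal which slot was the wrong one."""
    if len(questions) != len(answers):
        return False
    observed = "".join(classify(q, a) for q, a in zip(questions, answers))
    return matches_pattern(observed, expected_pattern(user, when))


def demo() -> tuple:
    """Same answers on a Monday (fit) and the following Saturday (no fit)."""
    qs = select_challenges(random.Random(1))   # fixed seed only for the demo
    plan = "TFTNT"
    answers = [CHALLENGES[q] if p == "T" else ("x" if p == "F" else "")
               for q, p in zip(qs, plan)]
    monday, saturday = date(2024, 1, 1), date(2024, 1, 6)
    return (authenticate("user26", qs, answers, monday),
            authenticate("user26", qs, answers, saturday))


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The point the demo makes is the one the text calls dual randomness: the same recorded set of answers that opened a session on Monday fails on Saturday, because the pattern in force has changed even though the challenges and the user's knowledge have not.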

FIG. 2 illustrates a second example of an operational arrangement. In this system, the user can access any computer in a distributed system from a single node provided that he possesses a coded card containing a password generated by that computer.

FIG. 2 is a block diagram of another embodiment of a distributed computer system 30 having five nodes 31, 32, 33, 34, 35. Each node 31, 32, 33, 34, 35 is comprised of a computer system 36 and an authentication box 37. In the present example, the authentication box 37 at the fifth node 35 has communication links 38 to the authentication boxes 37 at the first, second and third nodes 31, 32, 33. Similarly, the authentication box 37 at the fourth node 34 has communication links 40 to the authentication boxes 37 at the first, second and third nodes 31, 32, 33. A first user 41 is located at the fifth node 35, and a second user 42 is located at the fourth node 34. Since authentication boxes 37 are colocated with their respective computer system 36, the path between each box 37 and its computer system 36 is considered to be trusted.

The following describes the operation. Protection against fraudulent responses to messages sent over the communication links 38, 40 is provided through the use of time stamps and sequence numbers. An intruder cannot decrypt a message in time to generate a response within the acceptable time window or determine the proper sequence number for the set that applies.

Prior to the start of communications, the first node 31 must: (a) generate two asymmetric keys: AKc, which is stored on the user's card, and AKx, which is stored in the first node 31 associated with the user's password file; and (b) generate a card to be carried by the first user 41 using a private key (PKcard). This card contains the user name, the encrypted password, AKc and a Message Authentication Code (MAC).

To initiate a session, the first user 41 presents a card to the authentication box 37 at the fifth node 35. The fifth node 35 authenticates the card by checking the MAC. If authentic, the fifth node 35 authenticates the first user 41 by requesting the password, encrypting it and comparing it with the password stored on the card. If not authentic, communications are terminated. If authentic, the fifth node 35 sends a message to the authentication box 37 at the first node 31 encrypted with the public key of the first node 31 and containing the certificate of the fifth node 35, a date/time stamp, a sequence number, a random number generated by the fifth node 35 and a MAC.

The first node 31 decrypts the message and verifies that the fifth node 35 is not on the list of compromised authentication boxes 37 furnished by an authority designated as the Key Management Center. If the fifth node 35 is on this list, the first node 31 considers the card for the first user 41 also to be compromised and terminates communications. If the fifth node 35 is not on this list, the first node 31 checks the time stamp to determine if it is within a predetermined window. If not, the message is considered invalid and communications are terminated. If valid, the first node 31 checks the sequence number to verify that it is in consecutive order for the fifth node 35. If not, the message is considered invalid and communications are terminated. If valid, the first node 31 sends a message to the fifth node 35 encrypted with the public key of the fifth node 35 and containing the certificate of the first node 31, a date/time stamp, a sequence number, the random number generated by the fifth node 35 and a MAC.

The fifth node 35 decrypts the message and performs the same time stamp and sequence number tests as discussed in the last paragraph. If not passed, communications are terminated. If passed, the fifth node 35 generates a traffic encryption key TEKab using both certificates and the random number. At this point, the fifth node 35 and the first node 31 have authenticated each other and a trusted path now exists between them.

Using the traffic encryption key TEKab, the first node 31 sends a message to the fifth node 35 containing a request for the password of the first user 41 and a MAC. The fifth node 35 requests the password of the first user 41. The first user 41 enters a clear text password. The fifth node 35 encrypts the password, then uses TEKab to send it to the first node 31 with a MAC. The first node 31 compares the encrypted password with the one stored in the first node 31. Only three attempts to enter a password are allowed. If three failures occur, the session is terminated.

If the password is accepted, the first node 31 downloads challenges from its authentication box 37 to the fifth node 35. The authentication box 37 at the first node 31 selects the challenges randomly and sends a message to the fifth node 35 encrypted with TEKab containing the challenge/response phrases and a MAC. The preceding step is repeated a random number of times with different authentication challenges. Only one opportunity is allowed for response to each challenge. The fifth node 35 sends a message encrypted with TEKab containing the sequence of passed/failed challenges of the first user 41 and a MAC. If the first user 41 has failed to supply the proper sequence of passed/failed challenges, the session is terminated. The first node 31 repeats authentication requests at intervals during the session to provide continuous authentication. Whenever the session terminates, the fifth node 35 will destroy all downloaded information and notify the first node 31 when completed, using TEKab for encryption.
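The card check, the three-attempt password check, the freshness tests of the handshake between the fifth node 35 and the first node 31, and the MACed passed/failed report, modelled in Python as an added example that is not the patent's own code. Assumptions beyond the text: the card MAC and the stored "encrypted password" are HMAC-SHA256 under a key held by the issuing node (the text names a private key PKcard but no algorithm); the handshake MAC is keyed with a pairwise link key assumed to be provisioned to both authentication boxes by the Key Management Center; the public-key encryption of the handshake messages is not reproduced, only the checks that decide whether a message is accepted; the acceptance window is set to 30 seconds; TEKab is taken as SHA-256 over both certificates and the random number; and the class and function names are the example's own.

```python
"""Card check, password check and handshake freshness tests for FIG. 2.
Added example; the key handling and window are assumptions, see lead-in."""
import hashlib
import hmac
import json
import secrets
import time

WINDOW_SECONDS = 30          # assumed acceptance window for time stamps
MAX_PASSWORD_ATTEMPTS = 3    # as stated in the text


def _mac(key: bytes, fields: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of all fields but 'mac'."""
    body = json.dumps({k: v for k, v in fields.items() if k != "mac"},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


# ---- phase 1: the coded card, issued by node 31 under its card key --------
def make_card(card_key: bytes, user: str, password: str, akc: str) -> dict:
    card = {"user": user, "akc": akc,
            "enc_pw": _mac(card_key, {"pw": password})}  # "encrypted" password
    card["mac"] = _mac(card_key, card)                   # guards against alteration
    return card


def card_is_authentic(card_key: bytes, card: dict) -> bool:
    return hmac.compare_digest(card["mac"], _mac(card_key, card))


def password_accepted(card_key: bytes, card: dict, attempts: list) -> bool:
    """Encrypt each typed password and compare; only three tries count."""
    return any(hmac.compare_digest(card["enc_pw"], _mac(card_key, {"pw": pw}))
               for pw in attempts[:MAX_PASSWORD_ATTEMPTS])


# ---- phase 2: authentication boxes exchanging stamped, numbered messages --
class AuthBox:
    def __init__(self, cert: str, link_key: bytes, compromised: set, clock=time.time):
        self.cert = cert                # stands in for the node's certificate
        self.link_key = link_key        # assumed pairwise key from the KMC
        self.compromised = compromised  # list of compromised boxes from the KMC
        self.clock = clock
        self.send_seq = 0
        self.last_seen = {}             # peer certificate -> last accepted seq

    def message(self, nonce: str) -> dict:
        self.send_seq += 1
        msg = {"cert": self.cert, "ts": self.clock(),
               "seq": self.send_seq, "nonce": nonce}
        msg["mac"] = _mac(self.link_key, msg)
        return msg

    def accept(self, msg: dict, expect_nonce: str = None) -> bool:
        """The text's tests in order: compromised list, time window,
        consecutive sequence number, MAC, and (for the reply) the nonce."""
        if msg["cert"] in self.compromised:
            return False
        if abs(self.clock() - msg["ts"]) > WINDOW_SECONDS:
            return False
        if msg["seq"] != self.last_seen.get(msg["cert"], 0) + 1:
            return False                # replayed, reordered or missing message
        if not hmac.compare_digest(msg["mac"], _mac(self.link_key, msg)):
            return False
        if expect_nonce is not None and msg["nonce"] != expect_nonce:
            return False
        self.last_seen[msg["cert"]] = msg["seq"]
        return True


def derive_tek(cert_a: str, cert_b: str, nonce: str) -> bytes:
    """TEKab from both certificates and the random number (assumed KDF)."""
    return hashlib.sha256(f"{cert_a}|{cert_b}|{nonce}".encode()).digest()


def report_results(tek: bytes, results: list) -> dict:
    """Node 35 sends the passed/failed sequence under a TEKab-keyed MAC."""
    report = {"results": results}
    report["mac"] = _mac(tek, report)
    return report


def results_match(tek: bytes, report: dict, expected: list) -> bool:
    """Node 31 checks the MAC, then the whole sequence, never just a prefix."""
    if not hmac.compare_digest(report["mac"], _mac(tek, report)):
        return False
    return report["results"] == expected


def run_session(node5: AuthBox, node1: AuthBox, expected: list, observed: list):
    """Handshake, then the challenge report; None means the handshake was refused."""
    nonce = secrets.token_hex(16)                    # random number from node 35
    if not node1.accept(node5.message(nonce)):
        return None
    if not node5.accept(node1.message(nonce), expect_nonce=nonce):
        return None
    tek = derive_tek(node5.cert, node1.cert, nonce)  # both sides use this order
    return results_match(tek, report_results(tek, observed), expected)
```

Two details matter in practice. The sequence number is tracked per peer certificate, so a captured request cannot be replayed to the same box even inside the time window, and the time window is checked before the sequence number so that a stale message does not advance the counter. The derivation order of the two certificates in derive_tek must be fixed by convention, since both boxes compute TEKab independently.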
Thus there has been described a new and improved method for recognizing an authorized user in a computer system. It is to be understood that the above-described embodiments are merely illustrative of some of the many specific embodiments which represent applications of the principles of the present invention. Clearly, numerous and other arrangements can be readily devised by those skilled in the art without departing from the scope of the invention.
What is claimed is:

1. A user authentication arrangement for use with a computer network (10) having physically separated nodes, said arrangement characterized by:

first and second nodes (11, 12) each including a computer (14, 20), a readout device (17, 23) and a keyboard (16, 22), and at least one of said nodes (11) having a card reader (15);

a communication link (13) operatively interconnecting said nodes (11, 12); and

a coded card (27) adapted to be read by the card reader (15) and having a coded message stored thereon that is compared with a correct message stored in a selected node (11), whereupon, if the coded message agrees with the correct message, a set of challenges (28) is displayed at the readout device (17) and responses are entered by the user on the keyboard (16), and the pattern of responses entered by the user, including correct and incorrect responses, is compared with the preselected agreed upon pattern of responses (29) to determine user access to the computer network (10).

2. A method for authenticating an authorized user for a computer network (10) having physically separated nodes (11, 12) that each comprise a computer (14, 20), characterized by the following steps:

inserting a coded card (27) in a card reader (15);

comparing the code contained on said card (27) with a correct code stored in the computer (14);

displaying a preselected set of challenges (28) to the user;

responding to the preselected set of challenges (28) with a pattern of responses including correct and incorrect responses and no responses, whereupon the pattern of responses entered by the user, including correct and incorrect and no responses, is compared with the preselected pattern of responses (29) to determine user access to the computer network (10).